9 matches found
CVE-2026-33512
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512
WWBN AVideo (open source video platform) — Affected versions up to 26.0 have an unauthenticated decryptString action in the API plugin that accepts ciphertext and returns plaintext, exposing protected tokens/metadata. Ciphertext is publicly obtainable (e.g., view/url2Embed.json.php). Patch is ava...
PT-2026-27167
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...
GHSA-MWJC-5J4X-R686 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...